Date: Thu, 23 Dec 2004 18:24:47 GMT From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 67592 for review Message-ID: <200412231824.iBNIOlW3072185@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=67592 Change 67592 by areisse@areisse_tislabs on 2004/12/23 18:23:47 Install flask generated files from the new policy to the kernel. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#6 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#7 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/initial_sid_to_string.h#5 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#6 edit Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#6 (text+ko) ====
@@ -31,6 +31,9 @@
 { SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" },
 { SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" },
 { SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" },
+ { SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind" },
+ { SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind" },
+ { SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind" },
 { SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" },
 { SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" },
 { SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" },
@@ -76,6 +79,7 @@
 { SECCLASS_MSG, MSG__SEND, "send" },
 { SECCLASS_MSG, MSG__RECEIVE, "receive" },
 { SECCLASS_MSG, MSG__DESTROY, "destroy" },
+ { SECCLASS_SHM, SHM__LOCK, "lock" },
 { SECCLASS_POSIX_SEM, POSIX_SEM__ASSOCIATE, "associate" },
 { SECCLASS_POSIX_SEM, POSIX_SEM__DISASSOCIATE, "disassociate" },
 { SECCLASS_POSIX_SEM, POSIX_SEM__DESTROY, "destroy" },
@@ -141,6 +145,8 @@
 { SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" },
 { SECCLASS_PASSWD, PASSWD__CHFN, "chfn" },
 { SECCLASS_PASSWD, PASSWD__CHSH, "chsh" },
+ { SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok" },
+ { SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab" },
 };
 #define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t))
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#7 (text+ko) ====
@@ -280,6 +280,7 @@
 #define TCP_SOCKET__CONNECTTO 0x0000000001000000UL
 #define TCP_SOCKET__NEWCONN 0x0000000002000000UL
 #define TCP_SOCKET__ACCEPTFROM 0x0000000004000000UL
+#define TCP_SOCKET__NODE_BIND 0x0000000008000000UL
 #define UDP_SOCKET__TRANSITION 0x0000000000000400UL
 #define UDP_SOCKET__SHUTDOWN 0x0000000000040000UL
@@ -306,6 +307,8 @@
 #define UDP_SOCKET__IOCTL 0x0000000000000002UL
 #define UDP_SOCKET__RELABELTO 0x0000000000000200UL
+#define UDP_SOCKET__NODE_BIND 0x0000000001000000UL
+
 #define RAWIP_SOCKET__TRANSITION 0x0000000000000400UL
 #define RAWIP_SOCKET__SHUTDOWN 0x0000000000040000UL
 #define RAWIP_SOCKET__POLL 0x0000000000000001UL
@@ -331,6 +334,8 @@
 #define RAWIP_SOCKET__IOCTL 0x0000000000000002UL
 #define RAWIP_SOCKET__RELABELTO 0x0000000000000200UL
+#define RAWIP_SOCKET__NODE_BIND 0x0000000001000000UL
+
 #define NODE__TCP_RECV 0x0000000000000001UL
 #define NODE__TCP_SEND 0x0000000000000002UL
 #define NODE__UDP_RECV 0x0000000000000004UL
@@ -547,6 +552,8 @@
 #define SHM__DESTROY 0x0000000000000002UL
 #define SHM__GETATTR 0x0000000000000004UL
+#define SHM__LOCK 0x0000000000000200UL
+
 #define POSIX_SEM__ASSOCIATE 0x0000000000000001UL
 #define POSIX_SEM__DISASSOCIATE 0x0000000000000002UL
 #define POSIX_SEM__DESTROY 0x0000000000000004UL
@@ -616,6 +623,8 @@
 #define PASSWD__PASSWD 0x0000000000000001UL
 #define PASSWD__CHFN 0x0000000000000002UL
 #define PASSWD__CHSH 0x0000000000000004UL
+#define PASSWD__ROOTOK 0x0000000000000008UL
+#define PASSWD__CRONTAB 0x0000000000000010UL
 /* FLASK */
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/initial_sid_to_string.h#5 (text+ko) ====
@@ -26,10 +26,8 @@
 "sysctl_vm",
 "sysctl_dev",
 "kmod",
- "devfs",
- "devpts",
- "nfs",
 "policy",
- "tmpfs",
+ "scmp_packet",
+ "devnull",
 };
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#6 (text+ko) ====
@@ -66,12 +66,10 @@
 #define SECINITSID_SYSCTL_VM 22
 #define SECINITSID_SYSCTL_DEV 23
 #define SECINITSID_KMOD 24
-#define SECINITSID_DEVFS 25
-#define SECINITSID_DEVPTS 26
-#define SECINITSID_NFS 27
-#define SECINITSID_POLICY 28
-#define SECINITSID_TMPFS 29
+#define SECINITSID_POLICY 25
+#define SECINITSID_SCMP_PACKET 26
+#define SECINITSID_DEVNULL 27
-#define SECINITSID_NUM 29
+#define SECINITSID_NUM 27
 #endif
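Review bot: The renumbering of `SECINITSID_POLICY` from 28 to 25 and the removal of `SECINITSID_DEVFS`, `SECINITSID_DEVPTS`, `SECINITSID_NFS` and `SECINITSID_TMPFS` alter values that are presumably shared between the kernel and the loaded policy, yet nothing in the header says so. This change touches only the four generated headers, so any kernel code still naming the removed macros would stop compiling, and a policy binary built against the old initial SID list would likely resolve SIDs 25-27 to the wrong contexts; neither can be confirmed from this hunk. Since the file is generated, the comment belongs in the generator's template, above the `SECINITSID_NUM` line: `/* Initial SID numbers must match the loaded policy; rebuild the policy together with this header. */`.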